
Auditing brute-force logins with the secure log

File path

cd /var/log
-rw-------   1 root   root    1200063 Aug 10 20:04 secure

When doing incident response or writing a monitoring script, you can use the following signatures as a reference.

...
Aug 10 09:45:48 tv2-nids-kibana-01 sshd[3835443]: Invalid user test from x.x.x.x port 38648
Aug 10 09:45:48 tv2-nids-kibana-01 sshd[3835443]: input_userauth_request: invalid user test [preauth]
Aug 10 09:45:48 tv2-nids-kibana-01 sshd[3835443]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 09:45:48 tv2-nids-kibana-01 sshd[3835443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x
Aug 10 09:45:49 tv2-nids-kibana-01 sshd[3835443]: Failed password for invalid user test from x.x.x.x port 38648 ssh2
Aug 10 09:45:49 tv2-nids-kibana-01 sshd[3835443]: Connection closed by x.x.x.x port 38648 [preauth]
# This whole block describes a failed login with the username test from source IP x.x.x.x and its port

Aug 10 09:46:14 tv2-nids-kibana-01 sshd[3835624]: Invalid user test from x.x.x.x port 56747
Aug 10 09:46:14 tv2-nids-kibana-01 sshd[3835624]: input_userauth_request: invalid user test [preauth]
Aug 10 09:46:14 tv2-nids-kibana-01 sshd[3835624]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 09:46:14 tv2-nids-kibana-01 sshd[3835624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x
# Password login failed
Aug 10 09:46:16 tv2-nids-kibana-01 sshd[3835624]: Failed password for invalid user test from x.x.x.x port 56747 ssh2
Aug 10 09:46:16 tv2-nids-kibana-01 sshd[3835624]: Connection closed by x.x.x.x port 56747 [preauth]
# Connection closed
...
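
One way to turn the signatures above into a monitoring check, as an added example that is not the blog author's code: it counts "Failed password" lines per source IP inside a sliding time window. The threshold, window length, year, host name and sample IPs are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "Failed password" signature from the excerpt above. The pattern is anchored at
# the end of the line, so the source address is read from the final
# "from <ip> port <n> ssh2" whatever text the username field holds.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2\s*$"
)

def find_bruteforce(lines, threshold=3, window=timedelta(minutes=5), year=2024):
    """Map each source IP with >= threshold failures inside `window` to the usernames it tried."""
    events = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            # syslog timestamps have no year; `year` is supplied by the caller (assumption)
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end, (ts, _) in enumerate(hits):
            while ts - hits[start][0] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({user for _, user in hits})
                break
    return flagged

# Constructed sample lines (host name and documentation-range IPs are made up).
SAMPLE = """\
Aug 10 09:45:48 host01 sshd[1001]: Invalid user test from 203.0.113.5 port 38648
Aug 10 09:45:49 host01 sshd[1001]: Failed password for invalid user test from 203.0.113.5 port 38648 ssh2
Aug 10 09:45:49 host01 sshd[1001]: Connection closed by 203.0.113.5 port 38648 [preauth]
Aug 10 09:46:16 host01 sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 56747 ssh2
Aug 10 09:47:02 host01 sshd[1003]: Failed password for root from 203.0.113.5 port 40112 ssh2
Aug 10 09:50:30 host01 sshd[1004]: Failed password for root from 198.51.100.7 port 51000 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, users in find_bruteforce(SAMPLE).items():
        print(ip, "tried", users)
```

Only the "Failed password" line is counted, so the other lines sshd writes for the same attempt (Invalid user, pam_unix, Connection closed) do not inflate the total.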
Do not repost without permission: 张拓的天空 » Auditing brute-force logins with the secure log